security

Computer scientists and engineers at the University of Washington have come up with a novel way to send passwords securely with no risk of being intercepted and hacked by eavesdroppers. The potential for passwords to be stolen and hacked when sent over WiFi or Bluetooth is very real and lots of research time and money is spent looking for more effective and secure methods. The UW team believes they have found a secure way of sending passwords through the human body.

When it comes to authentication systems, particularly those involving biometric sensors, Microsoft might be considered a latecomer to the party. That said, its Windows Hello platform might actually end up being the most pervasive in the end. That’s because, based on slides and statements made by the company during its recent Ignite 2016 conference, Windows Hello might actually work on more than just Microsoft’s devices, including Android phones and iPhones. When that will happen and to what extent, however, remains shrouded in uncertainty.

Streaming security cameras are probably the most popular gadget in the connected home, and Nest the best known today. After a fairly slow start after its Dropcam acquisition in 2014, Nest finally has an outdoor model, the unimaginatively titled Nest Cam Outdoor. Like the Nest Cam - designed for indoor use - it's $199.99, though for the full range of features you'll need to cough up a monthly or annual subscription.

Security forensics company Elcomsoft revealed last week that encrypted iOS backups created in iTunes have been made far less secure with the recent release of iOS 10. While an unintentional flaw, the new password-protected backups offer an "alternative password verification mechanism" that allows them to fall victim to brute force hacks much more quickly and easily than with previous iOS versions. Fortunately Apple acknowledged the issue, and says a fix is on the way with "an upcoming security update."

Thursday saw the release of an update for Street Fighter V on both PS4 and PC that included several new features, including new character Urien, a versus CPU mode, and stage KOs, or the ability for players to defeat opponents using a level's environment. But those playing the fighting game on PC noticed that they got something extra for their platform: a rootkit that allows any application access to the PC's kernel.

Sometimes, the best strategy is an old-fashioned one, and sadly some criminal elements might be using that nugget of wisdom to spread malicious software to unsuspecting victims. In Australia and the UK, there have been reports of USB thumb drives being delivered, most likely by hand, to physical mailboxes. And while these branded memory sticks look innocent, they are rarely so. The few that have been analyzed were revealed to contain malware, ransomware even, designed to hold users’ data hostage for a price to be paid to hackers.

Today it was revealed that Yahoo experienced a breach of account names and passwords of epic proportions. Now we're running down the ways in which users - any user of Yahoo products of all sorts, with Yahoo accounts - should move forward. This includes password changing. This includes the potential use of Yahoo's Account Key. It includes not having a heart attack about the situation while, at the same time, understanding that one's account breach could mean some very serious things.

Yahoo has confirmed that it suffered a massive data breach, saying its investigation into the matter reported in August has revealed that at least 500 million user accounts are affected. The hack and subsequent data theft took place in late 2014; the company, per its investigation, says it believes a state-sponsored actor was responsible. The potentially exposed data is extensive, including things like user email addresses, names, birth dates, hashed passwords, phone numbers, and possibly security questions/answers of both the unencrypted and encrypted varieties.

Along with the promise of hi-tech features like full or semi autonomous driving, modern cars that sport all kinds of sensors, connectivity features, and remote controls have also brought concerns about security and safety. In particular, cars that can be controlled remotely have become the target of many researchers’ hacking attempts. Such was the case with the Tesla Model S and Tencent’s Keen Security Lab, revealing how it was possible to manipulate the electric car from a distance, whether it’s parked or even while it’s moving.

Canary has launched a new security camera product called the Canary Flex; it is small, smart, and can be used outdoors, withstanding things like rain and wind to stand ever vigilant over your home. The camera sits idle, and starts recording when it detects movement. If something particularly odd — at least in the camera’s estimation — comes into view, it’ll fire off a push notification to its owner. Over time, Flex will better understand what kind of things are worth sending notifications about and which ones are, while unusual, of no particular interest or importance.

Some find Siri very helpful, though perhaps only those that the virtual assistant actually understands, but there is such a thing as being too helpful. According to a post on Reddit, Apple’s iconic personal assistant was only too willing to give its owner’s neighbor access to the house, via the front door even. Despite being locked by an August Home Smart Lock, controlled by Apple HomeKit via an iPad, said neighbor was given easy entry by doing nothing more than shouting “Hey, Siri, unlock the door!”

Bug bounties and hacking contests aren’t exactly new and almost every tech firm is getting into it. In fact, even Apple just recently revealed its own rewards program for that. Not to be outdone at its own game, Google’s Project Zero, the team tasked with hunting down zero-day exploits, has announced the Project Zero Prize. On the outside, it’s yet another hacking contest focusing on Android vulnerabilities. However, there are a few things that Project Zero will be doing differently during that six-month contest period.